Old deleted trust only visible with NLTest, and can't be removed
We have migrated to a complete new domain. The last step was to break the trust relationship. We deleted the two-way trusts on both ends and let it rest a couple of days to let it sync. It went fine... on 2 of 3 domain controllers. On 1 domain controller, event log ID 83, Health Service Script, every 5 minutes, error:
ad monitor trusts : trusts between domain (newdomainname.local) , following domain(s) in error state:
adm.olddomainname.nl (inbound), error is:
the specified domain either not exist or not contacted. (0x54b)
Very correct, the old domain is gone. Everywhere in the AD UI: Sites and Services, Domains and Trusts, etc., old domain present. The way we can see the old trust on the specific DC is the command nltest (nltest /domain_trusts /all_trusts). It says:
0: nt_olddomainname adm.olddomainname.nl (nt 5) (direct outbound) ( attr: quarantined 0x40 )
And when we try to remove it with netdom (netdom trust newdomainname.local /d:adm.olddomainname.nl /oneside:trusted /remove /force) it says: The command completed successfully.
Also in DNS we've cleared the entries of the old domain. And followed document, we don't have entries of class trustedDomain.
So we are at the end of our possibilities. Hope one of you has a solution!
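Added example, not part of the original post: a per-DC comparison of the trustedDomain objects stored under CN=System with what nltest reports when pointed at the same DC. It assumes the ActiveDirectory RSAT module and read access to every domain controller; the variable names are illustrative, and the domain name is the one quoted in the post.

```powershell
# Added example: list trustedDomain objects (TDOs) as each DC sees them,
# then show the nltest line for the removed domain from that same DC.
Import-Module ActiveDirectory

$staleName  = 'adm.olddomainname.nl'   # name quoted in the post
$searchBase = "CN=System,$((Get-ADDomain).DistinguishedName)"
$directions = @{ 0 = 'Disabled'; 1 = 'Inbound'; 2 = 'Outbound'; 3 = 'Bidirectional' }

$results = foreach ($dc in Get-ADDomainController -Filter *) {
    try {
        # -Server pins the query to this DC's own replica of the directory
        $tdos = Get-ADObject -Server $dc.HostName -SearchBase $searchBase `
            -SearchScope OneLevel -LDAPFilter '(objectClass=trustedDomain)' `
            -Properties trustPartner, flatName, trustDirection, trustAttributes, whenChanged `
            -ErrorAction Stop
    } catch {
        Write-Warning "$($dc.HostName): directory query failed: $($_.Exception.Message)"
        continue
    }

    foreach ($tdo in $tdos) {
        [pscustomobject]@{
            DC           = $dc.HostName
            TrustPartner = $tdo.trustPartner
            FlatName     = $tdo.flatName
            Direction    = $directions[[int]$tdo.trustDirection]
            Attributes   = '0x{0:X}' -f [int]$tdo.trustAttributes
            WhenChanged  = $tdo.whenChanged
        }
    }

    # Same DC, Netlogon's view: only the lines that mention the removed domain
    nltest /server:$($dc.HostName) /domain_trusts /all_trusts |
        Select-String -SimpleMatch $staleName |
        ForEach-Object { Write-Host "$($dc.HostName) nltest: $($_.Line.Trim())" }
}

# Directory view per DC; a DC that lists a partner the others lack stands out
$results | Sort-Object TrustPartner, DC | Format-Table -AutoSize

# DCs whose directory replica still holds a TDO for the removed domain
$results | Where-Object { $_.TrustPartner -eq $staleName } | Select-Object DC, WhenChanged
```

A DC that prints an nltest line for the old domain while returning no matching TDO is reporting the trust from somewhere other than its directory replica, which narrows where to look next.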
Hello,
For 0x6ba "The RPC server is unavailable" in the dcdiag output see: http://msmvps.com/blogs/mweber/archive/2011/02/07/possible-error-messages-on-windows-server-2008-and-windows-server-2008-r2-domain-controllers.aspx. It seems to be the firewall. It belongs to DC3 and DC4.
Check the article for "Problem: Missing Expected Value" on the DCs.
Please remove the internal DNS servers as forwarders:
test: forwarders/root hints (forw)
recursion enabled
forwarders information:
10.218.10.19 (w8d-vw-dc03) [valid]
10.218.10.20 (w8d-vw-dc04) [valid]
Forwarders should point to the ISP's DNS server and not domain internal ones, or work with root hints.
Here is a list of the required firewall ports for AD: http://technet.microsoft.com/en-us/library/dd772723(ws.10).aspx
Best regards
Meinolf Weber
MVP, MCP, MCTS
Microsoft MVP - Directory Services
My blog: http://msmvps.com/blogs/mweber/
Disclaimer: This posting is provided with no warranties or guarantees, and confers no rights.